Saturday, March 10, 2007

what is an email worm?

an email worm is, predictably, a type of worm that spreads over email...

email worms are perhaps the most well known type of worm since most people have seen more than a few of them in their email... in fact, during the peak of an email worm's population growth, some people have been known to see thousands of samples of a single worm in their email...

often email worms send themselves as email attachments to their victims, leading to a general rule of thumb that instructs users to be cautious with unexpected email attachments (as well as technology to strip out email attachments if they conform to one of a list of known executable file types)... there have been some email worms (such as vbs/bubbleboy), however, that have been able to spread inside the body of the email instead of as an attachment, so just looking out for email attachments isn't necessarily enough when it comes to email worms....

email worms, like all computer worms, are just programs and as such need to be executed before they can do anything... at one point email worms used any number of exploits to get themselves executed automatically as soon as the email was opened in a vulnerable email client (such as outlook or outlook express) or sometimes even as soon as you simply selected the email in the list (if you had the preview pane turned on)... many such vulnerabilities have been fixed and the option to view emails as plain text instead of html (since html rendering of email was often required for the exploits to work) has grown in popularity, but so to has the use of social engineering in order to trick the user into executing the attachment - and that still remains effective to this day...